Cyber Incident Weekly Report - Week of March 27, 2023

Lansing Community College cancels classes due to cyber attack?

WHAT HAPPENED: On Thursday, March 16, the Lansing Community College (LLC) had to cancel all classes and activities in response to an ongoing cyber incident. At this moment, the school is working closely with the Federal Bureau of Investigation (FBI) and the Michigan Cyber Command Center to investigate and resolve the situation. Students and faculty members could return to campus on Tuesday, March 21, 2023. Currently, the college says there is no evidence that personal information was at risk.?

CONCERNING:? Academic Institutions, School Boards, IT teams, Parents, Teachers

SENSCY'S ANALYSIS: As SensCy continues to monitor the development of the latest attack on the Lansing Community College, we want to reiterate the high probability that schools of all sizes across the U.S. are becoming a primary target for hackers. Cybersecurity needs to become a main concern for school boards and school districts. The conversation should be guided around how much a cyber attack can impact a school rather than how much it costs to protect the school's IT systems.? Students and faculties could lose valuable time as a result of canceled classes. If the school lacks the necessary backups and incident response plan, returning systems to normal could become a lengthy and costly process, which does not consider the potential for ransom demand and data exposure on the dark web. It is also important to remember that students and faculties can end up paying the highest price in cyber attacks while they have little control over their own data. While the investigation is ongoing, SensCy recommends to all LLC employees, students, and parents to change their passwords on any sites or software related to LLC, to monitor any changes with their credit scores, and to watch out for scams and phishing attacks.?

San Diego Health experienced a data breach due to vendor pixel use.

WHAT HAPPENED:?On Thursday, March 16, 2023, UC San Diego Health issued a notice that informed patients of a vendor data collection issue that led to a data breach. The third-party vendor, Solv Health, captured data without the health system’s permission.? According to UC San Diego Health, “the analytics tools may have captured the following information: first and last name, date of birth, email address, IP address, third-party cookies, reason for visit, and insurance type (e.g., PPO, HMO, Other).” However, the tool did not collect any Social Security numbers, medical record numbers, financial account numbers, or debit/credit card information. Those who used the scheduling tool between September 13 and December 22, 2022, will likely be impacted.?

CONCERNING:? Health Care, Third-party Risk Management, Hospitals

SENSCY'S ANALYSIS: SensCy had previously discussed the challenges faced by the healthcare industry when managing third-party vendors and risks. The healthcare industry will likely see a sharp increase in data breaches related to miss management of third-party tools and vendors. Organizations can take many practical steps to secure third-party access to their databases. Standardizing a single workflow based on the zero-trust concept can help organizations implement better vendor data access. Knowing and monitoring all third-party by creating a comprehensive inventory of the third-party needs can help understand what data they need to access. This will help organizations create robust access policies based on least privilege concepts. Finally, organizations should enforce strong access control over all third-party users.

Ferrari Suffers Data Breach following a ransomware attack, refuses to pay

WHAT HAPPENED: On Monday, March 20, 2023, the Italian sports car manufacturer Ferrari disclosed that a threat actor demanded a ransom related to customer information that may have been exposed. Although the manufacturer did not say when the incident occurred, it is likely related to the reports of a ransomware attack in October 2022, which Ferrari denied at the time. Ferrari said the exposed information includes name, address, email address, and phone number. They are working with “third-party experts” to understand the issue better and boost its security systems.?

CONCERNING:?Ferrari, Car Manufacturers, Manufacturing Industry?

SENSCY'S ANALYSIS: Although Ferrari found no evidence that financial information and details on owned cars and orders were compromised, it is likely that the threat actors already leaked that information. They will use it as leverage over Ferrari if their demands are not met. Additionally, Ferrari being one of the most expensive and luxurious car manufacturers in the world, a contact list of its customers is attractive to any hackers to craft more targeted attacks. Ferrari is also at risk of losing a lot of reputation if the situation is not adequately addressed and more data is leaked in the upcoming days.?